Fix #1963, Fix #1964 - URL bar alignment is off and secure page icon not showing

[Brandon-T]

Security Review:

• https://github.com/brave/security/issues/28

Summary of Changes

• Fixes URL bar alignment due to security bug Handling truncated domains #552
• Fixes URL bar secure webpage icon not showing 100% of the time
• Like Android, added green and red colours to the icon.
• Fixes 4 security flaws in the validation of the SecTrust for WKWebView (calling SecTrustEvaluate was not enough.. I have added a list of policies to validate.. can be tested with https://badssl.com)
  • Now validates expired certificates
  • Now validates wrong host
  • Now validates CRL (Certificate Revocation)
  • Now validates x509 (SHA1, Subject, KeyLength, etc)..
    • In iOS 13, any certificate with SHA1 or weak algorithms will fail.
    • Any non TLS1.2 cert will fail.
    • Any certificate with invalid SubjectInfo or any invalid fields will fail.

Prior to these "small" changes, all tests against badssl.com would fail and show the page was secure when it wasn't.

WIP:

• Still waiting on the real icons for iOS to be uploaded to the ticket.
• Unit tests for security.

This pull request fixes issue #1964 & #1963

Submitter Checklist:

• Unit Tests are updated to cover new or changed functionality
• User-facing strings use NSLocalizableString()

Test Plan:

Screenshots:

Reviewer Checklist:

• Issues include necessary QA labels:
  • QA/(Yes|No)
  • release-notes/(include|exclude)
  • bug / enhancement
• Necessary security reviews have taken place.
• Adequate unit test coverage exists to prevent regressions.
• Adequate test plan exists for QA to validate (if applicable).
• Issue is assigned to a milestone (should happen at merge time).

[iccub]

What is verdict on this? I mean how this PR works with etld+1 stuff?

[Brandon-T]

What is verdict on this? I mean how this PR works with etld+1 stuff?

It works great. Basically we want to keep that it shows the ETLD+1 in the middle of the bar, but I reduced the amount of padding on the sides so it doesn't look like it's severely cut off..

However, @jhreis has asked someone if we're okay with how many icons are in the URL bar causing it to look really cluttered on iPhone 5S. Not sure the verdict on that part.

[iccub]

thanks, 5S runs on iOS 12 and is a really small fraction of devices, this is definitely out of scope for this PR

[iccub]

The lock icon is red for new tab page, reader mode and error pages is showing, and it's red color.
We should hide it

[Brandon-T]

The lock icon is red for new tab page, reader mode and error pages is showing, and it's red color.
We should hide it

I fixed it for about page and reader mode by changing its colour back to the default or secure. Are you sure we should hide it? If we want to hide it, I can definitely do that but what about reader mode? Our GCD webserver has no cert or trust to evaluate so it will technically be insecure or undetermined. So when we switch back and forth from reader to non-reader mode, it will shift the URL every time if I hide it.

[jumde]

thanks, 5S runs on iOS 12 and is a really small fraction of devices, this is definitely out of scope for this PR

@iccub the experience is same on iPhone SE.

[iccub]

Wait with merging until security review is finished

[jumde]

security review approved 👍